Skip to content

nix(loadtest): reduce JWT variants to a single jwt-cache test#5030

Merged
wolfgangwalther merged 15 commits into
PostgREST:mainfrom
wolfgangwalther:reduce-loadtests
Jun 26, 2026
Merged

nix(loadtest): reduce JWT variants to a single jwt-cache test#5030
wolfgangwalther merged 15 commits into
PostgREST:mainfrom
wolfgangwalther:reduce-loadtests

Conversation

@wolfgangwalther

@wolfgangwalther wolfgangwalther commented Jun 21, 2026

Copy link
Copy Markdown
Member

Working towards #5015, specifically addressing #5015 (comment).

Now, I wanted to "save" the -cache-worst variants of the tests, merging them with the regular -cache variants. But ultimately I realized that the -cache-worst tests were broken, at least for quite some time. The commit message of 7e6650b has the details.

I still kept both HS256 and RS256 algorithms for the cache test, but merged them into a single test suite. They should be reported via different URLs separately.

Overall simplified the target generation stuff a lot.

TODO:

@steve-chavez

Copy link
Copy Markdown
Member

Now, the metrics are for the faketime binary, not postgrest, which is not really helpful.

That is surprising 😮. Does libfaketime consume that much CPU? I see 20% on https://github.com/PostgREST/postgrest/actions/runs/27902113938. Maybe we can set some minimum and maximum on CPU and MEM? That would be good for metrics plus it would also prevent measuring another binary by mistake.

@wolfgangwalther

Copy link
Copy Markdown
Member Author

That is surprising 😮. Does libfaketime consume that much CPU? I see 20% on https://github.com/PostgREST/postgrest/actions/runs/27902113938. Maybe we can set some minimum and maximum on CPU and MEM? That would be good for metrics plus it would also prevent measuring another binary by mistake.

The link you quoted is for a run without the changes in this PR. So far, libfaketime is only used for the -worst variant. Have a look at the CPU usage for that variant in your link and you will see the problem - it's a steady 0 with almost no memory usage either.

@steve-chavez

Copy link
Copy Markdown
Member

is only used for the -worst variant. Have a look at the CPU usage for that variant in your link and you will see the problem - it's a steady 0 with almost no memory usage either.

Thanks, got it. I can see the 0 on the -worst variant.

The script currently depends on results from "head" and "main" to be
present to calculate the change ratio. Fallback nicely in case these are
not available, which allows using the same to report URL-by-URL stats
locally.
This is not used by CI and I doubt it's actually used by anyone locally.
The public key is not needed for target generation, only the private
key, so it's enough to pass that.
This makes the next change easier to do, but should be easier to review
step-by-step.
Instead of creating separate test suites for the key type, the PostgREST
instance now accepts both keys via a JWKSet and the targets are
generated 50/50 for both.

The results are still reported seperately by using a different URL,
which shows up as separate rows in the results.
When we changed the test structure to use libfaketime, we moved away
from generating targets as part of the chained command running
with-pg/with-pgrst. This function was left-over from that, the
genTargets script does not need to relay its remaining arguments
arguments anymore.
Instead of passing a path to the output target file, just pass the
directory in which to create the file. This allows the script to create
multiple files later.
Let's use the same dependency when creating key material and when
creating tokens, no need to carry multiple different dependencies and
converting keys between them.
Rethrowing the same error, but without stacktrace is not really useful,
but only makes the code (and debugging!) harder than it should be.
Merge the same code into genTargets, which removes the need to save the
private key to disk and read it again.
This test is not very interesting, really: It's hard to imagine to be
able to produce a regression that would slow down the no-cache case, but
would *not* show when a cache is used.
While we didn't have much problem in this test, it's surely not a
problem either to make the test more reproducible with a fixed base
timestamp. This gives us a tiny bit less of a diff on the next change.
This test is not really functional (anymore?). It depends on some tokens
expiring - but they don't, really. This is because:
1) Before merging the RSA and HS variants earlier in this patch series,
they ran roughly 15s and 34s respectively in CI.
2) Since PostgREST takes a clock skew of up to 30 seconds into account,
there would be *at most* 4s of expiring tokens in a test run - and
*only* in the HS case, not for RSA.
We don't need to restrict us to run every request once. Instead we can
run as many as possible within 60s by removing the `-lazy` flag.

This also allows us to generate fewer targets, because vegeta will do
the repetition for us.
@wolfgangwalther wolfgangwalther marked this pull request as ready for review June 26, 2026 18:32
@wolfgangwalther wolfgangwalther merged commit dcc9904 into PostgREST:main Jun 26, 2026
28 checks passed
@wolfgangwalther wolfgangwalther deleted the reduce-loadtests branch June 26, 2026 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants